# Gobuster Directory/File Brute Forcer Cheat Sheet

## Overview

Gobuster is a tool used to brute-force URIs (directories and files) in web sites, DNS subdomains, virtual host names on target web servers, and open Amazon S3 buckets. Written in Go, it is fast, efficient and supports multiple modes of operation for comprehensive web application reconnaissance.

**Warning:** This tool is intended only for authorized penetration testing and security assessments. Make sure you have proper authorization before using it against any target.
## Installation

### Go installation

```bash
# Install via Go
go install github.com/OJ/gobuster/v3@latest
# Verify installation
gobuster version
```

### Package manager installation

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install gobuster
# Arch Linux
sudo pacman -S gobuster
# macOS with Homebrew
brew install gobuster
# Kali Linux (pre-installed)
gobuster --help
```

### Manual installation

```bash
# Download latest release
wget https://github.com/OJ/gobuster/releases/download/v3.6.0/gobuster_Linux_x86_64.tar.gz
tar -xzf gobuster_Linux_x86_64.tar.gz
sudo mv gobuster /usr/local/bin/
# Make executable
sudo chmod +x /usr/local/bin/gobuster
```

### Docker installation

```bash
# Pull Docker image
docker pull gobuster/gobuster
# Run with Docker
docker run --rm gobuster/gobuster --help
```
## Basic usage

### Command structure

```bash
# Basic syntax
gobuster [mode] [options]
# Get help
gobuster --help
gobuster [mode] --help
# Check version
gobuster version
```

### Available modes

| Mode | Description |
|---|---|
| `dir` | Directory/file enumeration mode |
| `dns` | DNS subdomain enumeration mode |
| `fuzz` | Fuzzing mode |
| `s3` | Amazon S3 bucket enumeration |
| `gcs` | Google Cloud Storage enumeration |
| `tftp` | TFTP enumeration mode |
| `vhost` | Virtual host enumeration mode |
## Directory and file enumeration

### Basic directory brute force

```bash
# Basic directory enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
# With specific extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt
# Multiple extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt,js,css
# Custom status codes (-b "" clears the default 404 blacklist, which otherwise conflicts with -s)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -s 200,204,301,302,307,401,403 -b ""
```

### Advanced directory options

```bash
# Increase threads for faster scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 50
# Add delay between requests (in dir mode -d means --discover-backup, so use --delay)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 100ms
# Follow redirects
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -r
# Response length is included in the output by default; --hide-length suppresses it
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --hide-length
# Quiet mode (only show found)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q
```

### Authentication and headers

```bash
# Basic authentication
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -U username -P password
# Custom headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token"
# Multiple headers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: CustomAgent"
# Cookies
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -c "PHPSESSID=abc123; auth=token"
```

### Proxy and SSL options

```bash
# Use proxy (-p is --pattern, so the proxy needs the long flag)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080
# Skip SSL verification
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k
# Custom timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s
# Custom user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Custom Agent)"
```
## DNS subdomain enumeration

### Basic DNS enumeration

```bash
# Basic subdomain enumeration
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
# Show IP addresses
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -i
# Custom resolver
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
# Multiple resolvers
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8,1.1.1.1
```

### Advanced DNS options

```bash
# Increase threads
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50
# Keep going when a wildcard DNS record is detected
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --wildcard
# Custom timeout
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --timeout 5s
# Output to file
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o subdomains.txt
```
## Virtual host enumeration

### Basic VHost enumeration

```bash
# Basic virtual host enumeration
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
# Append domain
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain
# Custom domain (appended when the URL is an IP address)
gobuster vhost -u http://192.168.1.100 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --domain target.com
```

### Advanced VHost options

```bash
# Filter by status code
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -s 200,302
# Exclude status codes
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -b 404,403
# Custom headers
gobuster vhost -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -H "Authorization: Bearer token"
```
## Fuzzing mode

### Basic fuzzing

```bash
# Basic fuzzing with FUZZ keyword
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
# Multiple FUZZ positions
gobuster fuzz -u http://target.com/FUZZ/FUZZ2 -w /usr/share/wordlists/dirb/common.txt
# Custom extensions in fuzzing
gobuster fuzz -u http://target.com/FUZZ.php -w /usr/share/wordlists/dirb/common.txt
```

### Advanced fuzzing

```bash
# Exclude specific responses
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt --exclude-length 1234
# Filter by response size
gobuster fuzz -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -s 200 --exclude-length 0
# POST data fuzzing
gobuster fuzz -u http://target.com/login -w /usr/share/wordlists/dirb/common.txt -d "username=admin&password=FUZZ"
```
## Amazon S3 bucket enumeration

### Basic S3 enumeration

```bash
# Basic S3 bucket enumeration
gobuster s3 -w /usr/share/wordlists/dirb/common.txt
# Custom region
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -r us-west-2
# Maximum keys to list
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -m 1000
```

### Advanced S3 options

```bash
# Increase threads
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -t 50
# Output to file
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -o s3_buckets.txt
# Quiet mode
gobuster s3 -w /usr/share/wordlists/dirb/common.txt -q
```
## Google Cloud Storage enumeration

### Basic GCS enumeration

```bash
# Basic Google Cloud Storage enumeration
gobuster gcs -w /usr/share/wordlists/dirb/common.txt
# Maximum keys to list
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -m 1000
# Increase threads
gobuster gcs -w /usr/share/wordlists/dirb/common.txt -t 50
```
## Common wordlists

### Popular wordlists

```bash
# SecLists (comprehensive collection)
/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt
# DirBuster wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/small.txt
# Custom wordlists for specific technologies
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/drupal.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/apache.txt
```

### Creating custom wordlists

```bash
# Combine multiple wordlists
cat /usr/share/wordlists/dirb/common.txt /usr/share/wordlists/dirb/big.txt | sort -u > custom_wordlist.txt
# Generate wordlist from website
cewl http://target.com -w custom_wordlist.txt
# Technology-specific wordlist
echo -e "admin\nadministrator\nlogin\ndashboard\napi\nv1\nv2\ntest\ndev" > custom_dirs.txt
```
## Output and reporting

### Output formats

```bash
# Save to file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.txt
# JSON output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -o results.json --format json
# Append to existing file
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt >> results.txt
```

### Verbose output

```bash
# Verbose mode
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
# Show progress
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --progress
# No progress bar
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```
## Advanced techniques

### Multi-target scanning

```bash
# Scan multiple targets (one URL per line in targets.txt)
while read -r target; do
    echo "Scanning $target"
    # Replace every "/" in the URL with "_" to build a safe file name
    gobuster dir -u "$target" -w /usr/share/wordlists/dirb/common.txt -o "${target//\//_}_results.txt"
done < targets.txt
# Parallel scanning ({#} is the job number, so each target gets its own output file)
parallel -j 5 "gobuster dir -u {} -w /usr/share/wordlists/dirb/common.txt -o {#}_results.txt" :::: targets.txt
```

### Recursive scanning

```bash
# Manual recursive scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt | grep "Status: 200" | awk '{print $1}' > found_dirs.txt
# Scan found directories
while read -r dir; do
    gobuster dir -u "http://target.com$dir" -w /usr/share/wordlists/dirb/common.txt
done < found_dirs.txt
```

### Rate limit evasion

```bash
# Slow scanning to avoid rate limits
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s
# Fixed delay between requests (--delay takes a single duration, not a range)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --delay 500ms
# Custom browser-like user agent
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
```
## Integration with other tools

### Burp Suite integration

```bash
# Use Burp as proxy
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://127.0.0.1:8080
# Export Burp findings to wordlist
# From Burp: Target > Site map > Right-click > Copy URLs
# Process URLs to create custom wordlist
```

### Nmap integration

```bash
# Scan web ports first
nmap -p 80,443,8080,8443 target.com --open -oG web_ports.txt
# Extract open ports and scan
grep "80/open\|443/open\|8080/open\|8443/open" web_ports.txt | awk '{print $2}' | while read -r host; do
    gobuster dir -u "http://$host" -w /usr/share/wordlists/dirb/common.txt
done
```

### Nuclei integration

```bash
# Run gobuster first, then nuclei on found directories
# (nuclei -l expects one URL per line, so prefix each found path with the base URL)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -q | grep "Status: 200" | awk '{print "http://target.com" $1}' > found_paths.txt
# Run nuclei on found paths
nuclei -l found_paths.txt -t /path/to/nuclei-templates/
```
## Automation scripts

### Comprehensive web enumeration script

```bash
#!/bin/bash
TARGET=$1
OUTPUT_DIR="gobuster_results_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"
echo "[+] Starting comprehensive web enumeration for $TARGET"

# Directory enumeration with common extensions
echo "[+] Running directory enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt,js,css,xml,json -t 50 -o "$OUTPUT_DIR/directories.txt"

# Common file enumeration
echo "[+] Running common file enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -x php,html,txt,js,css,xml,json,bak,old,tmp -t 50 -o "$OUTPUT_DIR/files.txt"

# Admin panel enumeration
echo "[+] Running admin panel enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/CMS/wordpress.txt -t 50 -o "$OUTPUT_DIR/admin.txt"

# API enumeration
echo "[+] Running API enumeration..."
gobuster dir -u "$TARGET" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/api/api-endpoints.txt -t 50 -o "$OUTPUT_DIR/api.txt"

# Subdomain enumeration (if domain provided)
if [[ $TARGET =~ ^https?://([^/]+) ]]; then
    DOMAIN=${BASH_REMATCH[1]}
    echo "[+] Running subdomain enumeration for $DOMAIN..."
    gobuster dns -d "$DOMAIN" -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -t 50 -o "$OUTPUT_DIR/subdomains.txt"
fi

echo "[+] Enumeration complete. Results saved in $OUTPUT_DIR/"
```

### Multi-extension scanner

```bash
#!/bin/bash
TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"

# Common web extensions
EXTENSIONS=("php" "html" "htm" "txt" "js" "css" "xml" "json" "asp" "aspx" "jsp" "do" "action" "cgi" "pl" "py" "rb" "bak" "old" "tmp" "log")

# One pass per extension, printing only the 200 responses
for ext in "${EXTENSIONS[@]}"; do
    echo "[+] Scanning for .$ext files..."
    gobuster dir -u "$TARGET" -w "$WORDLIST" -x "$ext" -t 30 -q | grep "Status: 200"
done
```

### Recursive directory scanner

```bash
#!/bin/bash
TARGET=$1
WORDLIST="/usr/share/wordlists/dirb/common.txt"
MAX_DEPTH=3

scan_directory() {
    local url=$1
    local depth=$2

    # Stop once the configured depth is exceeded
    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        return
    fi

    echo "[+] Scanning $url (depth: $depth)"

    # Scan current directory
    gobuster dir -u "$url" -w "$WORDLIST" -t 30 -q | grep "Status: 200" | while read -r line; do
        found_path=$(echo "$line" | awk '{print $1}')
        full_url="$url$found_path"
        echo "Found: $full_url"

        # If it's a directory, scan recursively
        if [[ $found_path == */ ]]; then
            scan_directory "$full_url" $((depth + 1))
        fi
    done
}

scan_directory "$TARGET" 0
```
## Performance optimization

### Threading and speed

```bash
# Optimal thread count (usually 20-50)
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 30
# Adjust timeout for slow servers
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 10s
# Disable progress bar for better performance
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --no-progress
```

### Memory management

```bash
# For large wordlists, use streaming
gobuster dir -u http://target.com -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt -t 20
# Monitor memory usage
watch -n 1 'ps aux | grep gobuster'
```
## Troubleshooting

### Common issues

```bash
# SSL certificate issues
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt -k
# Connection timeout
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --timeout 30s
# Rate limiting
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 1s
# DNS resolution issues
gobuster dns -d target.com -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -r 8.8.8.8
```

### Debug mode

```bash
# Enable debug output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --debug
# Verbose output
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -v
```
## Best practices

### Reconnaissance strategy

- **Start with common directories**: Use small, common wordlists first
- **Technology-specific enumeration**: Use CMS-specific wordlists where applicable
- **Extension enumeration**: Always include relevant file extensions
- **Recursive scanning**: Scan discovered directories for deeper enumeration
- **Rate-limiting awareness**: Adjust threads and delays to avoid detection

### Stealth considerations

```bash
# Slow and stealthy scanning
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -t 1 --delay 2s -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Use proxy for anonymity
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt --proxy http://proxy:8080
# Random user agent rotation
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -a "$(shuf -n1 user_agents.txt)"
```
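
The defender's view of the slow, custom User-Agent scans above, as an added example that is not part of the original cheat sheet: request rate and User-Agent are unreliable signals for this traffic, but a client that asks for many distinct paths and mostly gets 404s still stands out in the access log. The log lines, IP addresses and the `MIN_REQ`/`MIN_RATIO` thresholds are constructed assumptions, and the input is assumed to be in combined log format.

```bash
#!/bin/sh
# Added example: flag clients whose requests look like wordlist-driven path
# enumeration. Reads combined-log-format lines on stdin.
# MIN_REQ and MIN_RATIO are assumed thresholds; tune them to your own traffic.
flag_enumerators() {
    LC_ALL=C awk -v min_req="${MIN_REQ:-8}" -v min_ratio="${MIN_RATIO:-0.8}" '
    {
        ip = $1; path = $7; status = $9
        total[ip]++
        if (status == 404) miss[ip]++
        # Count each path once per client: a wordlist rarely repeats entries
        if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
    }
    END {
        for (ip in total) {
            ratio = miss[ip] / total[ip]
            if (distinct[ip] >= min_req && ratio >= min_ratio)
                printf "%s requests=%d distinct_paths=%d ratio_404=%.2f\n", ip, total[ip], distinct[ip], ratio
        }
    }'
}

# Constructed sample log (not real traffic). 203.0.113.7 walks a wordlist with
# a browser-like User-Agent at one request per second; 198.51.100.20 browses
# normally and misses only the favicon.
sample_log() {
    i=0
    for p in admin backup config login.php test dev api old.bak .git index.php; do
        case $p in index.php) s=200 ;; *) s=404 ;; esac
        printf '203.0.113.7 - - [10/Oct/2024:13:55:%02d +0000] "GET /%s HTTP/1.1" %s 162 "-" "Mozilla/5.0"\n' "$i" "$p" "$s"
        i=$((i + 1))
    done
    for p in / /css/site.css /js/app.js /about / /contact /favicon.ico /about /; do
        case $p in /favicon.ico) s=404 ;; *) s=200 ;; esac
        printf '198.51.100.20 - - [10/Oct/2024:13:56:00 +0000] "GET %s HTTP/1.1" %s 512 "-" "Mozilla/5.0"\n' "$p" "$s"
    done
}

sample_log | flag_enumerators
```

Against a real log the call is `flag_enumerators < access.log`; because the check counts distinct paths and the 404 ratio per client rather than requests per second, lowering the scan rate does not hide the pattern.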
## Resources

- [Gobuster GitHub repository](https://github.com/OJ/gobuster)
- SecLists wordlists
- OWASP Testing Guide
- Web application penetration testing

*This cheat sheet provides a comprehensive reference for using Gobuster. Always make sure you have proper authorization before performing web application security testing.*